Popular Android Package Uses Just XOR -- and That's Not the Worst Part

siddesu writes A popular "encryption" package for Android that even charges a yearly subscription fee of $8 actually does nothing more than give a false sense of security to its users. Not only is the app using a worthless encryption method, it also uses weak keys and "encrypts" only a small portion of the files. One wonders how much snake oil flows through the app stores, from "battery savers" to "antivirus." What is the most worthless app purchase you made? Did you ask for a refund?

XOR is useless

[ArcadeMan]

Unless it's used with ROT13.

Re:XOR is useless

[TapeCutter]

Must be good, it has ubiquitous hardware support. ;)

Re:The big advantage of XOR

[MichaelSmith]

Also its implemented directly in the CPU, so both encryption and decryption are very fast.

DMCA

[martin-boundary]

I think Slashdot should take down this article. Under the DMCA it's illegal to bypass flimsy methods intended to enforce security.

Re:Web sites

[ShanghaiBill]

People will gladly give good reviews to things they haven't even tried out yet.

Tornado App has good reviews.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:The big advantage of XOR

[Beryllium+Sphere(tm)]

And what data structure do you have lying around at encryption time that's as long as the plaintext?

That's right, the plaintext. Use that as your one time pad. It saves you the headache of generating high-quality randomness if you just XOR the plaintext with itself.

The resulting ciphertext is not only theoretically unbreakable without the key, it is also highly compressible for economical transmission.

Re:Web sites

[nukenerd]

Indeed. As my wife doesn't know what an xor gate is, it's good enough for me.